Insurance Cyber Security


The following case study and forensics analysis concerns a major international insurance firm.

  • Client: Major International Insurance Firm
  • Incident: At 11:00 pm the corporate network went down.
    • Users could not log on to the network via SSO or Active Directory.
    • The corporate central authentication systems were not working.
    • With no way to authenticate, email services were inaccessible.
  • Additional information shared:
    • The client is a large insurance firm with a prominent public profile.
    • The breach was initially suspected to be a targeted attack.
    • Multiple media sources had written accounts of a specific group’s sophisticated hacking capabilities.
  • Actions taken during the Forensics Analysis:
    • An Incident Response and Forensics Analysis Team was deployed to the client site within 4 hours.
    • All available evidence was imaged and backed up.
    • Logs were gathered from the internal and external web servers, the firewall, the routers, the IDS/IPS, and the Windows event logs.
    • Evidence files obtained from the server hard drives were analyzed.
    • All collected logs were correlated and analyzed on a single timeline.
    • Services and processes on the affected computers were analyzed.
    • Windows Server, router and firewall configurations were analyzed.
    • Every step of the investigation was documented in detail.
  • Results:
    • The CyberSecOP team discovered a sophisticated botnet agent with command-and-control software installed.
    • The botnet had changed the security policies on the servers, preventing authorized users from logging in.
    • The malware was previously unseen; no public information about it became available until 12 days later.
    • The CyberSecOP team determined the root cause to be a misconfiguration of the firewall.
    • The CyberSecOP team provided an analysis report with recommendations for root cause remediation.
    • The CyberSecOP team assisted the client with the root cause remediation and restored network and email operations.
    • Based on the evaluation, the CyberSecOP team concluded that this incident was not the result of a targeted attack.
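The steps above that gather logs from the firewall, the IDS/IPS and the Windows event logs and then correlate them hide the practical problem in that kind of engagement: every source records time in its own format and its own clock, so nothing lines up until the records are normalized to one timezone. The example below is an added illustration of that correlation step and is not code or data from the engagement. All three log excerpts are constructed; the syslog-style firewall lines, the CSV Windows export, the epoch-seconds IDS alert format, the firewall's UTC-5 local clock and the year used to complete the yearless syslog timestamps are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample logs (not data from the engagement). Each source keeps its own
# timestamp convention: the firewall is a syslog box writing local time with no year,
# the Windows export is ISO-8601 in UTC, and the IDS writes epoch seconds.
FIREWALL_LOG = """\
Jan 14 22:58:07 fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=10.0.0.5 PROTO=TCP DPT=445
Jan 14 22:58:09 fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=10.0.0.5 PROTO=TCP DPT=3389
Jan 14 23:01:40 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP DPT=8080
"""
WINDOWS_LOG = """\
2024-01-15T03:59:02Z,4719,DC01,System audit policy was changed
2024-01-15T04:00:11Z,4625,DC01,An account failed to log on
2024-01-15T04:00:12Z,4625,DC01,An account failed to log on
"""
IDS_LOG = """\
1705291170 ET POLICY Outbound HTTP on non-standard port 10.0.0.5:49211 -> 198.51.100.7:8080
"""


@dataclass(order=True)
class Event:
    ts: datetime      # tz-aware UTC after parsing; sorting by ts comes first
    source: str
    summary: str


def parse_firewall(text, year, local_offset_hours):
    """Syslog lines 'Mon DD HH:MM:SS host ...': no year, local clock (assumed offset)."""
    tz = timezone(timedelta(hours=local_offset_hours))
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, rest = line[:15], line[16:]
        local = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
        events.append(Event(local.astimezone(timezone.utc), "firewall", rest))
    return events


def parse_windows(text):
    """CSV export: ISO-8601 UTC time, event id, host, message."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, host, message = line.split(",", 3)
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(ts, "windows", f"{host} EventID {event_id}: {message}"))
    return events


def parse_ids(text):
    """Alert lines '<epoch seconds> <message>' (assumed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        epoch, message = line.split(" ", 1)
        events.append(Event(datetime.fromtimestamp(int(epoch), tz=timezone.utc), "ids", message))
    return events


def build_timeline(firewall_text, windows_text, ids_text, year, fw_offset_hours):
    """Merge all sources into one list ordered by UTC time."""
    events = (parse_firewall(firewall_text, year, fw_offset_hours)
              + parse_windows(windows_text)
              + parse_ids(ids_text))
    return sorted(events)


def find(timeline, needle):
    """First event whose summary contains needle (the pivot for the investigation)."""
    return next(e for e in timeline if needle in e.summary)


def events_around(timeline, anchor, before=timedelta(minutes=2), after=timedelta(minutes=2)):
    """Every event within [anchor - before, anchor + after], regardless of source."""
    lo, hi = anchor.ts - before, anchor.ts + after
    return [e for e in timeline if lo <= e.ts <= hi]


if __name__ == "__main__":
    tl = build_timeline(FIREWALL_LOG, WINDOWS_LOG, IDS_LOG, year=2024, fw_offset_hours=-5)
    for e in tl:
        print(e.ts.isoformat(), e.source.ljust(8), e.summary)
    pivot = find(tl, "EventID 4719")
    print("\nWithin two minutes of the policy change:")
    for e in events_around(tl, pivot):
        print(e.ts.isoformat(), e.source.ljust(8), e.summary)
```

Once every record carries a UTC timestamp, pivoting on a single event (here the constructed audit-policy change on the domain controller) shows which firewall accepts and IDS alerts bracket it, which is the question a responder asks when deciding whether a firewall rule let the initial connection through. In a real engagement, confirm each device's clock offset from its configuration or NTP status before trusting the merged order.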